How can I establish a connection to the AWS tunnel successfully (VPC)


Flow of traffic: source 10.0.0.85 AWS VPC -- site to site to FortiGate -- destination 172.24.147.189

Source cannot reach the destination

  • Are you using route-based VPN or policy-based VPN? If route-based, is it a static route or BGP VPN? From the description it appears AWS is the source of the traffic; are you seeing traffic reach the FortiGate FW (in the logs)?

  • I'm using route-based; it is a static route. I'm not seeing traffic going to the FortiGate.

  • Is the tunnel itself up (Phase 1 & Phase 2)? Also clarify if you are using a VGW or a TGW.

  • Yes, both phase 1 and phase 2 tunnels are up. It is a VGW.

  • I have another test environment instance that uses both phase 1 and 2, and it is working perfectly fine. I don't know how to check the instance that is configured on my prod environment.

1 answer

Accepted answer

By default, your customer gateway device must bring up the tunnels for your Site-to-Site VPN connection by generating traffic and initiating the Internet Key Exchange (IKE) negotiation process. You can configure your VPN tunnels to specify that AWS must initiate or restart the IKE negotiation process instead. This is supported on IKEv2 only.

  • Startup action: The action to take when establishing the VPN tunnel for a new or modified VPN connection. By default, your customer gateway device initiates the IKE negotiation process to bring the tunnel up. You can specify that AWS must initiate the IKE negotiation process instead.

Suggest changing the Start-up Action, reference.

Also make sure that the VPC route table has routes pointing towards VGW/TGW as well.

AWS Expert
answered 2 years ago
Toni_S, AWS Expert
reviewed 2 years ago
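The two fixes the answer suggests (AWS-initiated IKE via the tunnel startup action, which needs IKEv2, and a VPC route to the VGW for the remote prefix) as an added AWS CLI example; this is not code from the thread, and the VPN, route-table and VGW IDs plus the outside IP are placeholders. Setting AWS_CMD=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholder IDs: vpn-0123456789abcdef0,
# rtb-0123456789abcdef0, vgw-0123456789abcdef0; 203.0.113.10 is a documentation address.
# AWS_CMD lets a dry run substitute "echo" for the real CLI binary.
AWS_CMD="${AWS_CMD:-aws}"

# Ask AWS to initiate IKE (IKEv2 only) so the VGW side brings the tunnel up
# instead of waiting for the FortiGate to generate interesting traffic.
set_startup_action() {
  vpn_id="$1"; outside_ip="$2"; action="${3:-start}"
  $AWS_CMD ec2 modify-vpn-tunnel-options \
    --vpn-connection-id "$vpn_id" \
    --vpn-tunnel-outside-ip-address "$outside_ip" \
    --tunnel-options "StartupAction=$action"
}

# Static route: send the on-prem prefix from the VPC subnet route table to the VGW.
add_route_to_vgw() {
  rtb_id="$1"; dest_cidr="$2"; vgw_id="$3"
  $AWS_CMD ec2 create-route \
    --route-table-id "$rtb_id" \
    --destination-cidr-block "$dest_cidr" \
    --gateway-id "$vgw_id"
}

# Check: tunnel status (UP/DOWN) per outside IP and the configured startup action.
show_tunnel_state() {
  vpn_id="$1"
  $AWS_CMD ec2 describe-vpn-connections \
    --vpn-connection-ids "$vpn_id" \
    --query 'VpnConnections[0].[VgwTelemetry[*].[OutsideIpAddress,Status],Options.TunnelOptions[*].[OutsideIpAddress,StartupAction]]' \
    --output text
}

# Only touch the account when explicitly asked: ./vpn_fix.sh apply
if [ "${1:-}" = "apply" ]; then
  set_startup_action vpn-0123456789abcdef0 203.0.113.10 start
  add_route_to_vgw rtb-0123456789abcdef0 172.24.147.0/24 vgw-0123456789abcdef0
  show_tunnel_state vpn-0123456789abcdef0
fi
```

Run show_tunnel_state first: a tunnel reported DOWN with no VPC route to the VGW explains the symptom in the question before any change is made.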
